diff options
author | Gustav Eek <gustav.eek@fripost.org> | 2018-12-30 10:26:10 +0100 |
---|---|---|
committer | Gustav Eek <gustav.eek@fripost.org> | 2018-12-30 10:26:10 +0100 |
commit | 151ef6437bc2194252f53713f6567e02963c1f7a (patch) | |
tree | a57f41c33f1403b1d50449221751302ad867bfce /tracker/CSP_too_strict | |
parent | 25395abcb95f1c75950b9f28e68ef2b10d32dba3 (diff) | |
parent | f7e3f97b71fa71b5880f31f1ea66e35e181a9711 (diff) |
Merge branch 'master' into contact-procedure-update
Diffstat (limited to 'tracker/CSP_too_strict')
4 files changed, 38 insertions, 0 deletions
diff --git a/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment new file mode 100644 index 0000000..ce90b13 --- /dev/null +++ b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="Still a problem with http urls" + date="2016-04-08T09:50:11Z" + content=""" +Now some of the images work but not all. According to Firefox' console, http URLs are upgraded to https which may not work all the time. + +I don't know if it is possible but a better way to do this may be to use roundcube as a proxy for images and other inline content? +"""]] diff --git a/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment new file mode 100644 index 0000000..c6df409 --- /dev/null +++ b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="guilhem" + avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="Further weakened the Content-Security-Policy" + date="2016-04-08T12:14:46Z" + content=""" +Alright, just [removed](https://git.fripost.org/fripost-ansible/commit/?id=e370313ad5895871479fffc922e3c72c0375dbf2) [`upgrade-insecure-requests`](https://www.w3.org/TR/upgrade-insecure-requests/#upgrade-insecure-requests) and [`block-all-mixed-content`](https://www.w3.org/TR/mixed-content/#block_all_mixed_content) from the CSP. Again, with the hope that Roundcube's built-in filter is tight enough by default… +"""]] diff --git a/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment new file mode 100644 index 0000000..3c53e3c --- /dev/null +++ b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment @@ -0,0 +1,12 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="comment 3" + date="2016-04-08T13:30:16Z" + content=""" +I understand your frustration... + +I found that someone openned an related issue agains Roundcube about this almost exactly 2 years ago: [Image proxy #5099](https://github.com/roundcube/roundcubemail/issues/5099). It doesn't seem to be considered high prirority and I can understand as it's probably not an easy thing to get right. + +An other interesting way to fix this would be to have at tool that inlines all the images in an email (turn the remote images into data urls) which you would run on all incomming messages (maybe using sieve?). The only problem is that it might considerably blow-up the size of your mailboxes but given the benefits, it might be worth a try. +"""]] diff --git a/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment new file mode 100644 index 0000000..144ef97 --- /dev/null +++ b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="guilhem" + avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="comment 4" + date="2016-04-08T13:39:39Z" + content=""" +Would be nice to have such proxy, indeed. Beside the mailbox overhead, another downside of the sieve hack is that this would invalidate all integrity checking such as DKIM or OpenPGP. +"""]] |